King iPhone Hacker NSO Group Robbed By Employee -- Spyware On Dark Web Sale For $50 Million, Israel Claims

This article is more than 5 years old.

As well as becoming something of a bête noire of privacy and human rights activists, Israel's NSO Group has established itself as one of the biggest smartphone surveillance companies in the world in recent years, with high-tech malware aimed at Apple's iPhone and Google's Android devices. But in the midst of reported $1 billion merger discussions with another of Israel's spytech giants, Verint, NSO now claims it has become the victim of an online attack, carried out by one of its own.

According to an astonishing indictment filed by Israel's attorney general and first published by Israeli media, a 38-year-old NSO programmer allegedly stole the company's code earlier this year before trying to flog it on the dark web for as much as $50 million in various cryptocurrencies, including Monero and Zcash. That's much higher than NSO's price tag for Pegasus, which reportedly sells for under $1 million per deployment.

According to the indictment, which doesn't name the employee, the accused disabled McAfee security software on his computer before shifting NSO source code to an external hard drive. Once he'd stolen the material, he Googled possible avenues for sale before heading onto Tor, the network that provides an avenue to the dark web, the attorney general alleged. The ex-staffer then claimed to be part of a hacker crew that had broken into NSO to cover his tracks as he sought to find a buyer, Israel's authorities alleged, before stating the actions of the suspect could've jeopardized the security of the state. That harm came from the fact that the NSO tools were used by Israel's armed forces, the indictment revealed.

Multiple sources in the Israeli intelligence industry told Forbes they were flabbergasted by the revelations. "I saw the story... crazy," said one.

An NSO spokesperson told Forbes the company had identified the unnamed perpetrator and contacted the authorities. "The authorities in turn responded quickly and effectively, so that within a very short time the former employee was arrested and the stolen property was secured. We will continue to support the prosecution of the perpetrator to the full extent of the law and pursue all available legal actions," the spokesperson for the 500-staff surveillance company added. "As stated clearly in the indictment, no IP or company materials have been shared with any third party or otherwise leaked, and no customer data or information was compromised."

When asked about the allegations and the state of acquisition discussions with Verint, first reported by Reuters, NSO co-founder Omri Lavie wrote: "You write whatever you want anyway."

$1 billion deal going sour?

NSO Group, a portfolio company of U.S.-based private equity company Francisco Partners, was due to sell to Blackstone Group for $1 billion last year. But that deal fell apart. According to one source close to the deal, Blackstone was taken with NSO's powerful surveillance technology but decided to remove itself from discussions thanks to repeated PR disasters in which NSO became embroiled.

First, the company's Pegasus iOS spyware was found targeting the iPhone of UAE activist Ahmed Mansoor, who currently resides in prison, though it's unclear if his arrest came as a result of any infection. Throughout 2017, it was alleged that numerous lawyers, journalists and activists in Mexico had been targeted with NSO's tools. Targets included the lawyers of murder victims and the investigators looking into the disappearance of 43 students in 2014. The Mexican government said it was to launch an inquiry into the alleged spyware use, whilst NSO Group said at the time it was "appalled by any alleged misuse of our product."

Is it possible the latest deal with Verint will fall apart in the wake of another PR setback for NSO? The company didn't respond to requests for comment.

Cybersecurity and privacy researcher John Scott-Railton, part of the University of Toronto's Citizen Lab that exposed many of NSO's operations, said that if true, the alleged theft indicated NSO was struggling with internal oversight issues. "This should be highly concerning to any government or institution that might be targeted with the vulnerabilities and code that NSO is developing," he told Forbes.
